Funsec

malicious binaries

Tue, 22 May 2012 21:24:02 GMT

Posted by Daniel Otis on May 22

Many moons ago I ran a site to share malware binaries amongst the people
on this list. I'm always looking for a new source of data so I am
wondering if there is a current free source for sharing malicious
binaries for analysis. Thanks! Also, I wouldn't mind running such a
service again, the only problem was I was the only one sharing ;)

Daniel

Re: Rotten AV proves "free market" false?

Tue, 22 May 2012 11:49:14 GMT

Posted by Drsolly on May 22

"So why are the outcomes of this market so poor? "

Because the job that they're trying to do, can't actually be done.

Rotten AV proves "free market" false?

Mon, 21 May 2012 19:33:39 GMT

Posted by Rob, grandpa of Ryan, Trevor, Devon & Hannah on May 21

(Or lousy OS situation, or pitiful software security in general ...)

http://www.businessinsider.com/when-competition-easy-entry-and-no-government-
produces-lousy-results-a-quick-look-at-the-anti-virus-and-anti-malware-market-
2012-5

or

http://is.gd/yfQXMG

(I do recall some research that indicates "low cost of entry" actually promotes
monoculture ...)

====================== (quote inserted randomly by Pegasus Mailer)
rslade () vcn...

(Redundant) Backup is good

Tue, 15 May 2012 23:17:58 GMT

Posted by Rob, grandpa of Ryan, Trevor, Devon & Hannah on May 15

An example:
http://www.youtube.com/watch?v=EL_g0tyaIeE

====================== (quote inserted randomly by Pegasus Mailer)
rslade () vcn bc ca slade () victoria tc ca rslade () computercrime org
The client interface is the boundary of trustworthiness.
- Tony Buckland, UBC
victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links...

Nigerian funds transfer safe

Tue, 15 May 2012 22:12:22 GMT

Posted by Rob, grandpa of Ryan, Trevor, Devon & Hannah on May 15

I've always been a bit worried that those offers I've gotten from Nigerian
individuals and banks might be "too good to be true." So it's really nice that the
FBI has taken time from it's busy schedule to assure me, even before I asked, that
the sca... I mean, deal, is safe.

(Now all I have to worry about is that the FBI is eeking to wiretap the whole
Internet. Must be an expensive proposition. Maybe they are...

Error in Finnish e-prescription software randomly added characters when Return was used

Sun, 13 May 2012 09:58:14 GMT

Posted by Juha-Matti Laurio on May 13

Finnish Medical Journal (in Finnish):
http://www.laakarilehti.fi/uutinen.html?opcode=show/news_id=12029/type=1

Google translation:
http://translate.google.com/translate?hl=en?sl=fi&tl=en&u=http%3A//www.laakarilehti.fi/uutinen.html%3Fopcode%3Dshow/news_id%3D12029/type%3D1

It is reported that using Return key in Effica e-prescription software randomly caused the program to add or destroy
characters typed by the doctor.
According to the...

Re: .secure TLD

Sun, 13 May 2012 04:54:17 GMT

Posted by valdis . kletnieks on May 12

On Fri, 11 May 2012 21:23:01 -0400, Ben April said:

Read between the lines. The guy scored $9M in startup funding, and
only has to pay ICANN $185K for the .secure TLD. And then he gets to
collect *more* money from anybody silly enough to buy into the TLD.

Step 3: Profit!

PCI DSS and BEAST

Sat, 12 May 2012 18:42:32 GMT

Posted by Drsolly on May 12

I just spent two effortful days getting my Secure Server to pass the PCI
DSS. The big problem is the BEAST vulnerability. And it's a corker. What
you have to do to get your certification, is disable most of the strong
crypto that you accept, and only accept some of the weaker ones (a bit of
research on the web will give you that info).

Having done that, and gotten my certification renewed, my QA told me that
some of the big banks...

Re: .secure TLD

Sat, 12 May 2012 16:54:09 GMT

Posted by Bruce Ediger on May 12

What happened to "The map is not the territory"?

After that, I want to know what happened to "The tap is not
meritorious".

Re: .secure TLD

Sat, 12 May 2012 04:30:05 GMT

Posted by Nick FitzGerald on May 11

Ben April wrote:

Well, the whole idea is somewhere between hilarious and blatantly
ignorant on its face, so that's funny (as in "funny sad" -- these folk
do seem to think they're doing something useful that will make a
difference) right off the bat...

If they really want to "assure security" they won't let any of their
registered domains install any currently-popular web-apps, PHP or,
realistically, even...

.secure TLD

Sat, 12 May 2012 01:47:26 GMT

Posted by Ben April on May 11

http://www.darkreading.com/authentication/167901072/security/security-management/240000187/new-i-secure-i-internet-domain-on-tap.html

If they really wanted to be secure they would require the
implementation of RFC 3514

Terrorist toddlers (Toddler terrorists?)

Fri, 11 May 2012 18:14:35 GMT

Posted by Robert Slade on May 11

http://www.vancouversun.com/travel/toddler+JetBlue+employees+pull+month+from+flight+over+list/6606185/story.html

Re: As you were ...

Thu, 10 May 2012 21:41:59 GMT

Posted by Paul Ferguson on May 10

I knew it! :-)

- ferg

- Sent from my Android device.

As you were ...

Thu, 10 May 2012 21:29:04 GMT

Posted by Rob, grandpa of Ryan, Trevor, Devon & Hannah on May 10

Apparently the Mayan's were as bad as anyone else changing their minds on the
date of the end of the world ...

http://www.sciencedaily.com/releases/2012/05/120510141905.htm

====================== (quote inserted randomly by Pegasus Mailer)
rslade () vcn bc ca slade () victoria tc ca rslade () computercrime org
The evening news is where they begin with 'Good evening,' and
then proceed to tell you why it isn't....

7 Ways Oracle Puts Database Customers At Risk

Thu, 10 May 2012 15:38:03 GMT

Posted by Juha-Matti Laurio on May 10

A very good coverage:

http://www.darkreading.com/database-security/167901020/security/news/232901381/7-ways-oracle-puts-database-customers-at-risk.html

Juha-Matti